I think I have got the answer... authorized_keys has to be removed from
the server.
UK Jaiswal wrote:
>
> Resending as the original mail seems to have been lost.
>
> Hi,
>
> I have a machine in which just ssh login is allowed. When I login as
> root, I see that I am the only one logged in (by running w / who) but
> when I see the result of "last", I see that there is another login of
> root from a different IP address. Is it possible for somebody to login
> in a hidden manner so that it does not show up in "who"?
> BTW, that IP had access to this machine some time back but since then I
> too have changed the password of root and have rebooted the machine a
> couple of times.
> I guessed that he might have left some ssh key due to which he is still
> able to access my machine inspite of the password being changed. I tried
> to move ssh_host_key from /etc/ssh/ to another place but then I too lost
> access to the machine after rebooting. Then I had to start in single
> user mode and restore "ssh_host_key" to the original place. Now I am not
> sure how to proceed lest I commit more mistakes which I cant afford to.
> Shall be garteful if somebody could guide here too.
>
> Thanks,
> Uk
>
> ----------------------------------------------------------------------
> An alpha version of a web based tool to manage your
> subscriptions with this majordomo2 server is available
> at http://lists.linux-india.org/cgi-bin/mj_wwwusr
----------------------------------------------------------------------
LIH is all for free speech. But it was created for a purpose - to help
people discuss issues about installing and running Linux. If your
messages are counterproductive to this purpose, your privileges to
submit messages can and will be revoked.
